PowerShell / SecretManagement

PowerShell module to consistent usage of secrets through different extension vaults
MIT License

Get-Secret asking for Vault password in PowerShell 7.1.1 but not in WSL2 #100

Open MaximoTrinidad opened 3 years ago

MaximoTrinidad commented 3 years ago

I'm wondering if this is by design or a bug. I kind of like to have the ability to get the secrets without the password to the vault but if it's a requirement then why not provide a parameter for the vault password via a prompt.

I use the following one-liners to repro the issue I'm experiencing:

Set-secret -name sqladmin01cred -secret '$SqlPwd01!';
$sqlcred = Get-secret -Name sqladmin01cred -AsPlainText;

In PowerShell 7.1.1:

PS C:\Windows\System32> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.1.1
PSEdition                      Core
GitCommitId                    7.1.1
OS                             Microsoft Windows 10.0.21301
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

PS C:\Windows\System32>

[Screenshot: secretpwh711_01_2021-02-01_11-17-44]

In WSL2 PowerShell 7.1.1:

PS /home/max_t> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.1.1
PSEdition                      Core
GitCommitId                    7.1.1
OS                             Linux 4.19.128-microsoft-standard #1 SMP Tue Jun 23 12:58:10 UTC 2020
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

[Screenshot: secretWSL2pwsh_01_2021-02-01_11-16-19]

Module versions:

PS C:\Windows\System32> get-module -l *secret* | select name, version

Name                                  Version
----                                  -------
Microsoft.PowerShell.SecretManagement 0.5.5
Microsoft.PowerShell.SecretStore      0.5.4

PaulHigin commented 3 years ago

Microsoft.PowerShell.SecretStore vault entered password remains in effect for a period of time, similar to the sudo command. The amount of time the password remains in effect can be configured, but by default the timeout is 15 minutes. You can see the default SecretStore configuration by running the Get-SecretStoreConfiguration command.

You can also configure SecretStore to operate without a password, but this is not recommended since it is less secure and secrets become vulnerable to other admin accounts on the machine.

For more information please see the SecretStore readme file. https://github.com/PowerShell/SecretStore/blob/master/README.md
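
The settings described in the reply above can be checked mechanically. The following is an added example, not part of the thread or the project's code: `Test-SecretStoreConfig` is a hypothetical helper, the sample objects are constructed, and the property and parameter names (`Authentication`, `PasswordTimeout`) are those of the SecretStore 1.0 release, which may differ in the 0.5.x builds shown in this issue.

```powershell
# Added example. Flags SecretStore settings that weaken password protection:
# a store with no password, or an unlock window longer than the 15-minute default.
function Test-SecretStoreConfig {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Config,
        [int] $MaxTimeoutSeconds = 900   # 15 minutes, the default cited in the reply
    )
    process {
        # Authentication is an enum on the real object; compare as a string.
        if ("$($Config.Authentication)" -eq 'None') {
            'Authentication=None: secrets are readable without a vault password'
        }
        if ($Config.PasswordTimeout -gt $MaxTimeoutSeconds) {
            'PasswordTimeout={0}s: vault stays unlocked longer than {1}s' -f `
                $Config.PasswordTimeout, $MaxTimeoutSeconds
        }
    }
}

# Constructed sample configurations so the check runs without the module installed.
$samples = @(
    [pscustomobject]@{ Name = 'default'; Authentication = 'Password'; PasswordTimeout = 900 }
    [pscustomobject]@{ Name = 'no-pass'; Authentication = 'None';     PasswordTimeout = 900 }
    [pscustomobject]@{ Name = 'all-day'; Authentication = 'Password'; PasswordTimeout = 86400 }
)
foreach ($s in $samples) {
    $findings = @($s | Test-SecretStoreConfig)
    $summary  = if ($findings) { $findings -join '; ' } else { 'ok' }
    '{0}: {1}' -f $s.Name, $summary
}

# Against the real store, when Microsoft.PowerShell.SecretStore is available.
# Note: reading the configuration may itself prompt if no store exists yet.
if (Get-Command Get-SecretStoreConfiguration -ErrorAction SilentlyContinue) {
    Get-SecretStoreConfiguration | Test-SecretStoreConfig

    # To return to a password-protected store with the default timeout:
    # Set-SecretStoreConfiguration -Authentication Password -PasswordTimeout 900
}
```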